Firefox 17 is more social and secure, but doesn’t care for leopards

Alongside the usual list of tweaks, Mozilla ends support for OS X 10.5.

Another six weeks, another Firefox version. This time around it's Firefox 17 that has hit the stable channel. As has become the norm since Mozilla implemented its rapid release schedule in 2011, this version introduces a couple of larger features alongside a handful of small ones. Let's jump right in.

Enlarge/ Apps that are aware of Firefox 17's Social API can hook into the browser to enable persistent functionality even if you aren't on the service's website.

Firefox 17's banner feature is a new Social API which is sort of similar to the search API that allows different services to use Firefox's search box. The only service that currently plugs into the social API is Facebook Messenger, but anyone can leverage the API. Navigating to the Facebook for Firefox page while running Firefox 17 and clicking the Turn On button will enable a persistent sidebar in your Firefox window that shows you your Facebook chat list as well as your outstanding notifications. Pop-up notifications will also appear in the lower-right corner of your screen.

Also new is what Mozilla is calling "Click-to-play plugins." If the user is using outdated versions of plugins like Flash, the browser will no longer play content that uses those plugins by default. Users must manually click the content to get it to play and are also offered an update link that will attempt to find and install a newer version of the affected plugin if it exists. A plugin icon next to Firefox's "Awesome Bar" will also show the user more information about the disabled plugins in question.

Enlarge/ An example of a webpage that calls on outdated or insecure plugins. Users can manually play the content but are strongly encouraged to update first.

This is also the first new version of Firefox to completely drop support for OS X 10.5—Chrome dropped Leopard support in version 21 a few weeks ago, and Safari's last Leopard-supporting update came way back in July of 2011 with version 5.0.6. Opera 12, then, is the last major browser that continues to support the aging OS, and even in that case PowerPC support was dropped long ago. Leopard holdouts may want to rethink their decision not to upgrade.

Finally, Firefox 17 ushers in Mozilla's second Extended Support Release (ESR), which will fully replace version 10 when it is retired in February of 2013. As we discussed early this year, the ESR was Mozilla's attempt to placate IT administrators upset about Firefox's then-newish rapid-release schedule. The ESR version of Firefox receives new security patches as they're released but doesn't get any of the new features present in later Firefox versions until the next major version. The ESR was a nice thought, though our browser stats don't appear to show a particularly high number of Firefox users sticking with version 10 of the browser—it's more likely that the ESR appeals to (and will continue to appeal to) a small but vocal minority.

The Developer Toolbar and a few of the other Firefox developer tools offer increased visibility for some of their features.

And finally, as usual, there's a laundry list of smaller fixes and changes aimed at addressing smaller complaints—some Awesome Bar icons are slightly larger, some 20 "performance improvements" have been implemented, and there have also been some improvements to developer features like the Web Console, Debugger, and Developer Toolbar. For the full list of changes, you can check the What's New page for Firefox 17 here.

Promoted Comments

Clarifying for emphasis: The Extended Support Release will receive security updates for 54 WEEKS. That's more than a year. If you're one of those people who refuse to update Firefox because you're afraid it will disable your extensions or don't like the frequent updates or think the updater will kick your dog and fool around with your wife, this is the release for you. All of you people running unsupported versions of Firefox (basically everything 16 or lower, FF10 ESR will be supported for 12 more weeks) need to either get on this, or get off the internet.

I'm hoping that the Facebook integration is not the beginning of massive browser bloat from integrating all kinds of services in general. Not everyone here uses Facebook or Twitter -- would be nice if this were an optional add-on.

Clarifying for emphasis: The Extended Support Release will receive security updates for 54 WEEKS. That's more than a year. If you're one of those people who refuse to update Firefox because you're afraid it will disable your extensions or don't like the frequent updates or think the updater will kick your dog and fool around with your wife, this is the release for you. All of you people running unsupported versions of Firefox (basically everything 16 or lower, FF10 ESR will be supported for 12 more weeks) need to either get on this, or get off the internet.

Sorry to be off-topic, but the Windows (8) screenshots are so ugly, makes WinXP look current.

Yeah, I dunno if the retro-green window theme was an intentional choice on the part of the reviewer or not (Win8 can automatically change the theme color based on the wallpaper), but it's remarkably hideous.

So, basically, it adds a toolbar for "social networking" sites to spy on you and forces you to update plugins (that don't really need to be updated, in most cases) or else add inconvenience to your life. No thanks.

Does the click-to-play feature actually work as documented for anyone? On an XP system where the Mozilla plugin check indicates the installed version as vulnerable, Flash still runs normally unless you manually enable click-to-play for everything.

Wasn't firefox the rebel of the Mozilla/Netscape browser that realized batching everything Internet (mail, cal, chat, etc.) into a browser is bad for its performance. What the heck has a chat client to do in there? Or even the firebug debugger?

Don't get me wrong those things are useful and I use them, but I'm a developer. I call this the new bloatware, installed by default, not used by most users.

Firefox team, focus on innovation that matters to a browser (GPU acceleration, Java Script performance, profile sync that does not take 2 min to shut down the browser, speed, speed, speed, ...).

Let others roll their own good ideas at best make them plugins to be installed separately!

Wasn't firefox the rebel of the Mozilla/Netscape browser that realized batching everything Internet (mail, cal, chat, etc.) into a browser is bad for its performance. What the heck has a chat client to do in there? Or even the firebug debugger?

Don't get me wrong those things are useful and I use them, but I'm a developer. I call this the new bloatware, installed by default, not used by most users.

Firefox team, focus on innovation that matters to a browser (GPU acceleration, Java Script performance, profile sync that does not take 2 min to shut down the browser, speed, speed, speed, ...).

Let others roll their own good ideas at best make them plugins to be installed separately!

There was an effort, years ago, to split the rendering engine out so it could be used in many different browsers, lean or heavy or anywhere in between.

But the guy spearheading that movement was poached by Apple in 2002 and has been working on WebKit ever since (David Hyatt).

A few days ago I built my own simple web browser, in about 3 hours, based on WebKit. It suits my needs almost perfectly. Good luck doing that with FireFox.

So, basically, it adds a toolbar for "social networking" sites to spy on you and forces you to update plugins (that don't really need to be updated, in most cases) or else add inconvenience to your life. No thanks.

It does not intrude your privacy. One of the main reasons this API was made is to make sure that some sites can integrate in browser in privacy respectful way. It is in no way different than having facebook opened in tab.

Wasn't firefox the rebel of the Mozilla/Netscape browser that realized batching everything Internet (mail, cal, chat, etc.) into a browser is bad for its performance. What the heck has a chat client to do in there? Or even the firebug debugger?

Don't get me wrong those things are useful and I use them, but I'm a developer. I call this the new bloatware, installed by default, not used by most users.

Firefox team, focus on innovation that matters to a browser (GPU acceleration, Java Script performance, profile sync that does not take 2 min to shut down the browser, speed, speed, speed, ...).

Let others roll their own good ideas at best make them plugins to be installed separately!

Do you have any evidence that these features slow down the browser? Or are you just making an assumption that more lines of code = slower?

Given I have around 22GB of RAM free, and firefox is using a measy 500MB with 23 tabs open (many of those heavy Magento sites, picture sites, forums etc), it's not really a huge issue. With Bartab, which unloads unused tabs, I'm probably down to around 200MB.I also don't notice a lot of CPU usage, unless a plugin or script is running amok.

Security is a valid concern - more features mean more potential security exploits. In general if you're worried about security, I'd probably run IE9 instead.

(It is really abysmal that Apple does not support Safari on its three year old Snow Leopard OS.)

It was only a $69 upgrade to the next version after that, which received a bugfix update about a month ago and is far superior to SL. Why are you using such an old version?

Your comment implies than SL is the last version to support PPC, when in fact false. Apple stopped selling PPC hardware 6 years ago, and they continued to release software compatible with it for another 3 years before releasing an OS update that didn't really add any new features, it just dropped PPC support and was a nice performance upgrade for Intel macs.

(It is really abysmal that Apple does not support Safari on its three year old Snow Leopard OS.)

The presence of a modern secure browser is the essential element in maintaining the useability of an older OS. But then there is no money in that is there.

It was only a $69 upgrade to the next version after that, which received a bugfix update about a month ago and is far superior to SL. Why are you using such an old version?

Your comment implies than SL is the last version to support PPC, when in fact false. Apple stopped selling PPC hardware 6 years ago, and they continued to release software compatible with it for another 3 years before releasing an OS update that didn't really add any new features, it just dropped PPC support and was a nice performance upgrade for Intel macs.

It wasn't until 5 years after they sold the last PPC mac that they released an incompatible version of OS X that actually had new features.

It's a consumer OS, not an enterprise OS. If you want something secure switch to Windows Server or OpenBSD.

I'm hoping that the Facebook integration is not the beginning of massive browser bloat from integrating all kinds of services in general. Not everyone here uses Facebook or Twitter -- would be nice if this were an optional add-on.

Since it's an API, it's Facebook that's doing all the bloating. Firefox just has a way for Facebook's services to present information directly to the browser, rather than in the tab. It's not as though they have a special Facebook Toolbar built into the browser now, but they have an API that lets Facebook make a toolbar that runs without installing like a traditional toolbar.

(It is really abysmal that Apple does not support Safari on its three year old Snow Leopard OS.)

It was only a $69 upgrade to the next version after that, which received a bugfix update about a month ago and is far superior to SL. Why are you using such an old version?

Your comment implies than SL is the last version to support PPC, when in fact false. Apple stopped selling PPC hardware 6 years ago, and they continued to release software compatible with it for another 3 years before releasing an OS update that didn't really add any new features, it just dropped PPC support and was a nice performance upgrade for Intel macs.

I had a job loss since 10.6 came out and some of my older software needs the PPC emulator that 10.7 got rid of. I have been saving money since then. My machine supports 10.8 just fine but I don't want to upgrade due to update expenses for my software. Now I'm thinking to split my HD into several partitions to create a 10.8 one to allow dual booting 10.6/10.8 but laziness and money have held me back so far.

(It is really abysmal that Apple does not support Safari on its three year old Snow Leopard OS.)

The presence of a modern secure browser is the essential element in maintaining the useability of an older OS. But then there is no money in that is there.

It was only a $69 upgrade to the next version after that, which received a bugfix update about a month ago and is far superior to SL. Why are you using such an old version?

Your comment implies than SL is the last version to support PPC, when in fact false. Apple stopped selling PPC hardware 6 years ago, and they continued to release software compatible with it for another 3 years before releasing an OS update that didn't really add any new features, it just dropped PPC support and was a nice performance upgrade for Intel macs.

It wasn't until 5 years after they sold the last PPC mac that they released an incompatible version of OS X that actually had new features.

It's a consumer OS, not an enterprise OS. If you want something secure switch to Windows Server or OpenBSD.

Ooops I did not put my points together too well.. but...what I was trying to say...

1. if you are still using Leopard on a PPC Mac you can use the TenFourFox fork of Mozilla. (I do on my old mac devices) ..ie at least there is an optimised fork for older Macs.

2. SL is only 3 years old. It is not good that the latest version of Safari is not available for a 3 year old OS. (Quite a number of intel Macs cannot use Lion and some users have not migrated because of the loss of Rosetta).

3. If Apple releases 10.9 next year then Lion will be deprecated after only 2 years as Apple usually only supports the current OS and its immediate predecessor.

Whilst this is drifting away from Mozilla issues, consumer OS or not, I believe Apple does have a responsibility to provide minimum security for its more recent systems, for the good of all net users.

(It is really abysmal that Apple does not support Safari on its three year old Snow Leopard OS.)

The presence of a modern secure browser is the essential element in maintaining the useability of an older OS. But then there is no money in that is there.

It was only a $69 upgrade to the next version after that, which received a bugfix update about a month ago and is far superior to SL. Why are you using such an old version?

Your comment implies than SL is the last version to support PPC, when in fact false. Apple stopped selling PPC hardware 6 years ago, and they continued to release software compatible with it for another 3 years before releasing an OS update that didn't really add any new features, it just dropped PPC support and was a nice performance upgrade for Intel macs.

It wasn't until 5 years after they sold the last PPC mac that they released an incompatible version of OS X that actually had new features.

It's a consumer OS, not an enterprise OS. If you want something secure switch to Windows Server or OpenBSD.

One important thing in this update is an improvement on the click to play, you have to enable it on about:config. In Firefox 17 you can enable every plugin object on the page separately, and they also correct a few bugs.

The only reason I'm not using firefox right now is the relatively long span where it would crash on any and all flash content (I hope that's fixed now), and being really annoyed by it's long update process that happens seemingly every time I want to do something quickly online.

Does the click-to-play feature actually work as documented for anyone? On an XP system where the Mozilla plugin check indicates the installed version as vulnerable, Flash still runs normally unless you manually enable click-to-play for everything.

That "small but vocal minority" that wants Firefox ESR is every enterprise IT department and every enterprise software developer in the world.

it is impossible to target a browser for a software release when a single version comes into service and goes out of service during the same time period of a full QA->Release cycle. By the time you ship product it is not tested on the latest version of the browser.

Internal IT departments face the same thing when rolling out software on their intranet.

These problems are mitigated by careful coding and backwards compatibility, but the rapid-release Firefox is under no obligation to maintain backwards compatibility. Without ESR version, Firefox would be abandoned by every enterprise and they would all standardize on Internet Explorer and Safari (the only two browsers with considerable market share and steady and predictable release cycles).